Re: Pasword expiration warning

Nathan Bossart <nathandbossart@gmail.com>

From: Nathan Bossart <nathandbossart@gmail.com>
To: Gilles Darold <gilles@darold.net>
Cc: Zsolt Parragi <zsolt.parragi@percona.com>, Japin Li <japinli@hotmail.com>, Yuefei Shi <shiyuefei1004@gmail.com>, songjinzhou <tsinghualucky912@foxmail.com>, PostgreSQL Hackers <pgsql-hackers@postgresql.org>, Andrew Dunstan <andrew@dunslane.net>, Tom Lane <tgl@sss.pgh.pa.us>, liu xiaohui <liuxh.zj.cn@gmail.com>, Steven Niu <niushiji@gmail.com>
Date: 2026-02-02T17:55:14Z
Lists: pgsql-hackers
On Mon, Feb 02, 2026 at 06:43:28PM +0100, Gilles Darold wrote:
> I think configuration name password_expiration_warning_threshold is too
> long, why not only password_warning_threshold?  I think the description is
> here to explain more the configuration directive.

I agree that it's long, but leaving out "expiration" makes the name rather
ambiguous.  FWIW we do have 3 other GUCs with lengths >= this
(max_parallel_apply_workers_per_subscription,
ssl_passphrase_command_supports_reload, and
autovacuum_vacuum_insert_scale_factor).

> About the unit, I think using minutes is useless. It should be set in days
> to be really useful but like all other time based directives it can be set
> in seconds, minutes or hours too. This give the user the granularity he
> wants. The common use will be to set it using 'Nd' syntax but if someone
> wants to use 'Ns' syntax, it can be done.

Not all time-based GUCs use seconds.  log_rotation_age and
wal_summary_keep_time use minutes, and many others using milliseconds.  But
I'm fine with changing it back to seconds.  That would still allow setting
the threshold up to ~68 years, which ought to be enough for anyone.

-- 
nathan



Commits

  1. Add password expiration warnings.